-/* $OpenBSD: channels.c,v 1.252 2006/07/10 12:08:08 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.265 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "includes.h"
-#include <sys/ioctl.h>
#include <sys/types.h>
+#include <sys/ioctl.h>
#include <sys/un.h>
#include <sys/socket.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <errno.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
#include <termios.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
#include "ssh2.h"
#include "packet.h"
-#include "xmalloc.h"
#include "log.h"
#include "misc.h"
+#include "buffer.h"
#include "channels.h"
#include "compat.h"
#include "canohost.h"
#include "key.h"
#include "authfd.h"
#include "pathnames.h"
-#include "bufaux.h"
/* -- channel core */
u_short listen_port; /* Remote side should listen port number. */
} ForwardPermission;
-/* List of all permitted host/port pairs to connect. */
+/* List of all permitted host/port pairs to connect by the user. */
static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
-/* Number of permitted host/port pairs in the array. */
+/* List of all permitted host/port pairs to connect by the admin. */
+static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+
+/* Number of permitted host/port pairs in the array permitted by the user. */
static int num_permitted_opens = 0;
+
+/* Number of permitted host/port pair in the array permitted by the admin. */
+static int num_adm_permitted_opens = 0;
+
/*
* If this is true, all opens are permitted. This is the case on the server
* on which we have to trust the client anyway, and the user could do
chan_fn *channel_pre[SSH_CHANNEL_MAX_TYPE];
chan_fn *channel_post[SSH_CHANNEL_MAX_TYPE];
+/* ARGSUSED */
static void
channel_pre_listener(Channel *c, fd_set *readset, fd_set *writeset)
{
FD_SET(c->sock, readset);
}
+/* ARGSUSED */
static void
channel_pre_connecting(Channel *c, fd_set *readset, fd_set *writeset)
{
FD_SET(c->ctl_fd, readset);
}
+/* ARGSUSED */
static void
channel_pre_input_draining(Channel *c, fd_set *readset, fd_set *writeset)
{
}
}
+/* ARGSUSED */
static void
channel_pre_output_draining(Channel *c, fd_set *readset, fd_set *writeset)
{
}
/* try to decode a socks4 header */
+/* ARGSUSED */
static int
channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset)
{
#define SSH_SOCKS5_CONNECT 0x01
#define SSH_SOCKS5_SUCCESS 0x00
+/* ARGSUSED */
static int
channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
{
return 0;
/* look for method: "NO AUTHENTICATION REQUIRED" */
for (found = 0, i = 2 ; i < nmethods + 2; i++) {
- if (p[i] == SSH_SOCKS5_NOAUTH ) {
+ if (p[i] == SSH_SOCKS5_NOAUTH) {
found = 1;
break;
}
}
/* This is our fake X11 server socket. */
+/* ARGSUSED */
static void
channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
{
/*
* This socket is listening for connections to a forwarded TCP/IP port.
*/
+/* ARGSUSED */
static void
channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset)
{
* This is the authentication agent socket listening for connections from
* clients.
*/
+/* ARGSUSED */
static void
channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset)
{
}
}
+/* ARGSUSED */
static void
channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset)
{
}
}
+/* ARGSUSED */
static int
channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset)
{
return 1;
}
+/* ARGSUSED */
static int
channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
{
return 1;
}
+/* ARGSUSED */
static int
channel_handle_ctl(Channel *c, fd_set *readset, fd_set *writeset)
{
channel_check_window(c);
}
+/* ARGSUSED */
static void
channel_post_output_drain_13(Channel *c, fd_set *readset, fd_set *writeset)
{
* the secure channel to host:port from local side.
*/
-void
+int
channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
const char *host_to_connect, u_short port_to_connect)
{
success = 1;
break;
case SSH_SMSG_FAILURE:
- logit("Warning: Server denied remote port forwarding.");
break;
default:
/* Unknown packet */
permitted_opens[num_permitted_opens].listen_port = listen_port;
num_permitted_opens++;
}
+ return (success ? 0 : -1);
}
/*
/*
* This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates
* listening for the port, and sends back a success reply (or disconnect
- * message if there was an error). This never returns if there was an error.
+ * message if there was an error).
*/
-void
+int
channel_input_port_forward_request(int is_root, int gateway_ports)
{
u_short port, host_port;
+ int success = 0;
char *hostname;
/* Get arguments from the packet. */
#endif
/* Initiate forwarding */
- channel_setup_local_fwd_listener(NULL, port, hostname,
+ success = channel_setup_local_fwd_listener(NULL, port, hostname,
host_port, gateway_ports);
/* Free the argument string. */
xfree(hostname);
+
+ return (success ? 0 : -1);
}
/*
channel_add_permitted_opens(char *host, int port)
{
if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
- fatal("channel_request_remote_forwarding: too many forwards");
+ fatal("channel_add_permitted_opens: too many forwards");
debug("allow port forwarding to host %s port %d", host, port);
permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host);
all_opens_permitted = 0;
}
+int
+channel_add_adm_permitted_opens(char *host, int port)
+{
+ if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
+ fatal("channel_add_adm_permitted_opens: too many forwards");
+ debug("config allows port forwarding to host %s port %d", host, port);
+
+ permitted_adm_opens[num_adm_permitted_opens].host_to_connect
+ = xstrdup(host);
+ permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port;
+ return ++num_adm_permitted_opens;
+}
+
void
channel_clear_permitted_opens(void)
{
if (permitted_opens[i].host_to_connect != NULL)
xfree(permitted_opens[i].host_to_connect);
num_permitted_opens = 0;
+}
+
+void
+channel_clear_adm_permitted_opens(void)
+{
+ int i;
+ for (i = 0; i < num_adm_permitted_opens; i++)
+ if (permitted_adm_opens[i].host_to_connect != NULL)
+ xfree(permitted_adm_opens[i].host_to_connect);
+ num_adm_permitted_opens = 0;
}
/* return socket to remote host, port */
int
channel_connect_to(const char *host, u_short port)
{
- int i, permit;
+ int i, permit, permit_adm = 1;
permit = all_opens_permitted;
if (!permit) {
permitted_opens[i].port_to_connect == port &&
strcmp(permitted_opens[i].host_to_connect, host) == 0)
permit = 1;
+ }
+ if (num_adm_permitted_opens > 0) {
+ permit_adm = 0;
+ for (i = 0; i < num_adm_permitted_opens; i++)
+ if (permitted_adm_opens[i].host_to_connect != NULL &&
+ permitted_adm_opens[i].port_to_connect == port &&
+ strcmp(permitted_adm_opens[i].host_to_connect, host)
+ == 0)
+ permit_adm = 1;
}
- if (!permit) {
+
+ if (!permit || !permit_adm) {
logit("Received request to connect to host %.100s port %d, "
"but the request was denied.", host, port);
return -1;
* with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE.
*/
+/* ARGSUSED */
void
x11_input_open(int type, u_int32_t seq, void *ctxt)
{
}
/* dummy protocol handler that denies SSH-1 requests (agent/x11) */
+/* ARGSUSED */
void
deny_input_open(int type, u_int32_t seq, void *ctxt)
{